Probablynot. It is an artist website with over 20 million users. Plus, it is not a constant phenomenon. Sometimes it occurs, sometime not. If it is steered by the website, they would do this maybe in a more efficient / constant way. I am still on the ads or the exit node approach because this could explain the randomness. If it occurs the next time, I try to figure out at least the source (e.g.banner or transparent-pixel & URL) of the exploit. Maybe it is also a false positive. Have to check this. At the moment the filesare getting immediately purged (what is normally good).
12. Nov 2016 21:42 by k...@cyblings.on.ca: > On 12/11/16 04:40 PM, John Doe wrote: >> Recently, Istumble relatively often over a message by my Antivirus >> that a file was removedfrom the TB “doomed” cache, where binary >> files like images are cached. These filesseem to contain an exploit >> like “Win32/ShellCode.A”. Firstly Iassumed a bad exit node that >> tampers with the content. But the alerts came in frequently and on >> several exit nodes. Now Isuspect something like malicious add >> banners. Maybe in combination with adetection function for TOR exit >> node IPs. > > What sites did you visit recently using TB? Maybe they were the source of > infections. I am happy to check them using a non-Windows computer. > > -- > tor-talk mailing list - > tor-talk@lists.torproject.org > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
